pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Use common module

Browse source
This commit is contained in:
pazpi 2025-01-08 14:33:52 +01:00
parent b48e25aa7d
commit ae24ddfe1a
9 changed files with 64 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

15
hosts/arr/default.nix
View file

@ -6,7 +6,10 @@
}:
{
my = {
utils.commons.enable = true;
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
services.media-mgr = {
programs.enable = true;
@ -17,18 +20,8 @@
};
};
time.timeZone = "Europe/Rome";
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
openssh.enable = true;
};
networking = {
nameservers = [ "192.168.1.2" ];
};
system.stateVersion = "24.05";
}

20
hosts/caddy/default.nix
View file

@ -23,7 +23,10 @@ in
};
my = {
utils.commons.enable = true;
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
services = {
@ -123,30 +126,15 @@ in
};
};
time.timeZone = "Europe/Rome";
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
openssh.enable = true;
iperf3 = {
enable = true;
openFirewall = true;
};
prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
};
};
};
networking = {
firewall.allowedTCPPorts = [ 9100 ];
nameservers = [ "192.168.1.2" ];
};
system.stateVersion = "24.05";

39
hosts/metrics/default.nix
View file

@ -6,6 +6,7 @@
}:
let
tailscaleMagicDNS = "neon-dory.ts.net";
defaultNodePort = toString config.services.prometheus.exporters.node.port;
in
{
@ -18,7 +19,10 @@ in
};
my = {
utils.commons.enable = true;
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
services.media-mgr = {
exportMetrics.enable = true;
@ -47,39 +51,28 @@ in
};
};
time.timeZone = "Europe/Rome";
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
openssh.enable = true;
prometheus.scrapeConfigs = [
{
job_name = "host-metrics";
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
];
}
{
job_name = "host-caddy";
static_configs = [
{ targets = [ "caddy.internal:${toString config.services.prometheus.exporters.node.port}" ]; }
{
targets = [
"metrics.internal:${defaultNodePort}"
"caddy.internal:${defaultNodePort}"
"arr.internal:${defaultNodePort}"
"nextcloud.internal:${defaultNodePort}"
"vaultwarden.internal:${defaultNodePort}"
"plex.internal:${defaultNodePort}"
"portainer.internal:${defaultNodePort}"
];
}
];
}
];
prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
};
};
};
networking = {
nameservers = [ "192.168.1.2" ];
};
system.stateVersion = "24.05";

16
hosts/nextcloud/default.nix
View file

@ -16,7 +16,10 @@
};
my = {
utils.commons.enable = true;
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
services.nextcloud = {
enable = true;
@ -32,19 +35,8 @@
virtualisation.proxmox.enable = true;
};
time.timeZone = "Europe/Rome";
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
openssh.enable = true;
};
networking = {
firewall.allowedTCPPorts = [ 80 ];
nameservers = [ "192.168.1.2" ];
};
system.stateVersion = "24.05";
}

15
hosts/plex/default.nix
View file

@ -6,7 +6,10 @@
}:
{
my = {
utils.commons.enable = true;
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
services.plex = {
enable = true;
@ -22,18 +25,8 @@
virtualisation.proxmox.enable = true;
};
time.timeZone = "Europe/Rome";
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
openssh.enable = true;
};
networking = {
nameservers = [ "192.168.1.2" ];
};
system.stateVersion = "24.11";
}

15
hosts/portainer/default.nix
View file

@ -12,7 +12,10 @@ in
age.secrets.watchtowerSecrets.file = ../../secrets/watchtower-secrets.age;
my = {
utils.commons.enable = true;
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
virtualisation = {
proxmox.enable = true;
portainer = {
@ -23,18 +26,8 @@ in
};
};
time.timeZone = "Europe/Rome";
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
openssh.enable = true;
};
networking = {
nameservers = [ "192.168.1.2" ];
};
system.stateVersion = "24.11";
}

20
hosts/vaultwarden/default.nix
View file

@ -9,7 +9,11 @@
age.secrets.vaultwarden-admin-pwd.file = ../../secrets/vaultwarden-admin-pwd.age;
my = {
utils.commons.enable = true;
utils = {
commons.enable = true;
lxc-standard.enable = true;
};
services.vaultwarden = {
enable = true;
adminPasswordFile = config.age.secrets.vaultwarden-admin-pwd.path;
@ -18,22 +22,8 @@
virtualisation.proxmox.enable = true;
};
time.timeZone = "Europe/Rome";
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
openssh.enable = true;
};
networking = {
firewall.allowedTCPPorts = [
80
443
];
nameservers = [ "192.168.1.2" ];
};
system.stateVersion = "24.11";
}

33
modules/services/media-mgr.nix
View file

@ -10,6 +10,12 @@ with lib;
let
cfg = config.my.services.media-mgr;
lidarrPort = toString 8686;
radarrPort = toString 7878;
sonarrPort = toString 8989;
readarrPort = toString 8787;
prowlarrPort = toString 9696;
containersDefinition = {
flaresolverr = {
@ -112,7 +118,6 @@ in
# Request management and media discovery tool for the Plex ecosystem
jellyseerr = {
enable = true;
port = 5055;
openFirewall = true;
};
@ -134,31 +139,31 @@ in
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."prowlarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:9696
reverse_proxy http://${host}:${prowlarrPort}
import cloudflare_${domain}
'';
virtualHosts."radarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:7878
reverse_proxy http://${host}:${radarrPort}
import cloudflare_${domain}
'';
virtualHosts."sonarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:8989
reverse_proxy http://${host}:${sonarrPort}
import cloudflare_${domain}
'';
virtualHosts."lidarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:8686
reverse_proxy http://${host}:${lidarrPort}
import cloudflare_${domain}
'';
virtualHosts."readarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:8787
reverse_proxy http://${host}:${readarrPort}
import cloudflare_${domain}
'';
virtualHosts."bazarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:6767
reverse_proxy http://${host}:${toString config.services.bazarr.listenPort}
import cloudflare_${domain}
'';
virtualHosts."jellyseerr.${domain}".extraConfig = ''
reverse_proxy http://${host}:5055
reverse_proxy http://${host}:${toString config.services.jellyseerr.port}
import cloudflare_${domain}
'';
};
@ -240,7 +245,7 @@ in
services.prometheus.exporters = {
exportarr-prowlarr = {
enable = true;
url = "http://arr.internal:9696";
url = "http://${host}:${prowlarrPort}";
port = 9701;
user = "exportarr";
group = "exportarr";
@ -248,7 +253,7 @@ in
};
exportarr-radarr = {
enable = true;
url = "http://arr.internal:7878";
url = "http://${host}:${radarrPort}";
port = 9702;
user = "exportarr";
group = "exportarr";
@ -256,7 +261,7 @@ in
};
exportarr-sonarr = {
enable = true;
url = "http://arr.internal:8989";
url = "http://${host}:${sonarrPort}";
port = 9703;
user = "exportarr";
group = "exportarr";
@ -264,7 +269,7 @@ in
};
exportarr-lidarr = {
enable = true;
url = "http://arr.internal:8686";
url = "http://${host}:${lidarrPort}";
port = 9704;
user = "exportarr";
group = "exportarr";
@ -272,7 +277,7 @@ in
};
exportarr-readarr = {
enable = true;
url = "http://arr.internal:8787";
url = "http://${host}:${readarrPort}";
port = 9705;
user = "exportarr";
group = "exportarr";
@ -280,7 +285,7 @@ in
};
exportarr-bazarr = {
enable = true;
url = "http://arr.internal:6767";
url = "http://${host}:${toString config.services.bazarr.listenPort}";
port = 9706;
user = "exportarr";
group = "exportarr";

6
modules/services/nextcloud.nix
View file

@ -143,7 +143,6 @@ in
settings = {
host = [
''127\.0\.0\.1''
"::1"
];
storage.wopi."@allow" = true;
};
@ -159,7 +158,10 @@ in
};
networking.firewall.allowedTCPPorts = [ 9980 ];
networking.firewall.allowedTCPPorts = [
80
config.services.collabora-online.port
];
environment.systemPackages = with pkgs; [
exiftool